Security Designed to Protect 你
Innovation is built on trust; trust starts with transparency. 你 可以 trust Apptio to deliver world-class applications while handling your data with the utmost care and security. 威尼斯彩票官方设计业务的每一个方面都是为了传递这种信任.
December 23th 2021: Apache Log4j Remote Code Execution Vulnerability
- On 12/10 Apache Software Foundation disclosed a critical vulnerability in their Log4j Java logging library. Apptio has applied vendor recommended remediation steps to any 服务 that are or may potentially be impacted.
- Our ongoing efforts to address this vulnerability include actively and comprehensively analyzing our 服务 as new vendor guidance becomes available, and continuing to take the vendor recommended remediation steps where appropriate to ensure there is no exposure to the 服务 we provide or the customer data we host.
- 威尼斯彩票官方继续监视和分析系统活动, and to date we have no indication—and no reason to believe—that customer data was exposed or otherwise impacted.
- 除了应用供应商推荐的补救步骤之外, Apptio has also taken additional proactive measures and fortified its protective and detective controls (包括, 但不限于, applying enhanced WAF filtering), 并积极与第三方供应商合作.g., AWS, Salesforce, Atlassian, etc.)，以确保采取一切适当的措施.
再一次, to date we have no indication or reason to believe that our 服务 or customer data was exposed or otherwise impacted. We will update this notice to reflect new information as it becomes available.
Clients 可以 reach out to our Compliance group at SecurityRiskCompliance@Apptio.com for more information if 要求.
- For the instructions in performing the On-Premises Agent Update see http://help.goyinyang.com/en-us/datalink-classic/datalink/update-onprem-agent.html and for the instructions for updating the engine after the agent update see http://help.goyinyang.com/en-us/datalink-classic/datalink/update-engine.html.
- Please let us know if you have any further questions or if we 可以 be of further assistance by opening a support ticket at http://support.goyinyang.com.
Apptio recognizes that data location is an important consideration for businesses with a global presence. All Apptio data centers are world-class Tier 3 and Tier 4 data centers providing advanced security and environmental protection. 威尼斯彩票官方的一些产品使用了亚马逊网络服务(AWS). Apptio data center providers (包括 both colocation facilities and AWS) hold industry certifications that include SOC1 Type II, SOC2 II型, ISO27001:2013, 云安全联盟之星, 等.
- Asia Pacific (Sydney) Region
Apptio implements technical controls towards ensuring that customer data is protected from compromise and 未经授权的访问, 如:
Apptio regularly conducts penetration testing and vulnerability s可以ning 为了 ensure our systems are 维护ed in a secure state at all times. 渗透测试由威尼斯彩票官方专门的内部信息安全团队进行, as well as by leading third party security firms. Summary reporting for such third party penetration testing and web application vulnerability s可以s is available to customers upon request.
请报告任何可疑的恶意活动或潜在的未发现的安全漏洞 email@example.com 提示的注意.
保护您的数据是Apptio的首要任务, and the development and operation of our service revolves around that commitment. 这包括威尼斯彩票官方的人民, 安全策略, and dedication to helping you implement secure practices when using our products.
保密 & 信息安全
Apptio requires all employees and contractors to sign and abide by non-信息披露 confidentiality agreements, 并遵守威尼斯彩票官方的信息安全政策.
Apptio provides training to all employees on our information security handling practices and policies during their new hire orientation, 每年提供进修课程，以保持员工与时俱进. 除了, Apptio开发人员被要求每年接受特定的安全编码实践培训.
The principle of "least privilege" is adhered to and data is accessible only to authorized Apptio personnel as 要求 to operate the service. 客户资料只会披露给与向您提供服务有关的第三方, and only in accordance with your commercial agreements with Apptio.
1. 范围This Policy applies to the Processing of Personal Information by Apptio in the context of its publicly available websites, 包括 www.goyinyang.com探索.goyinyang.com,回应.goyinyang.com,信息.goyinyang.com, 社区.goyinyang.com (集体, (威尼斯彩票官方的“网站”)，并与客户联系, 合作伙伴, and vendor relationships (“Business Data”). Apptio is the data controller for the processing of Personal Information on our Website and for the processing of Business Data. 除了, Apptio获得, 通过其商业托管软件应用程序处理和托管个人信息(统称, the “Software Services”) provided to its customers who subscribe to those Software Services (“Customers”). When providing the Software Services, Apptio is a data processor and only processes Personal Information on behalf and instructions of our Customers, 哪些是数据控制器. The agreement between Apptio and our Customers defines the roles and responsibilities of the parties for the processing of Personal Information in the context of the Software Services. For more information on these activities, 请参阅向威尼斯彩票官方的服务提交您的资料的客户的隐私政策, and if you are located in the 欧洲an Union or the United Kingdom (欧洲an Economic Area or “EEA”) also to our 隐私 Shield 隐私政策. For the purpose of this Policy, “个人信息”指“与已识别的或可识别的自然人有关的任何信息.“本政策不适用于科技工商管理委员会收集的资料。, 有限责任公司, 或者是威尼斯彩票官方的员工, which are 政府erned by other policies. By accessing and continuing to 使用 the Website or the Software Services you consent to the terms and 条件 of our Policy. If you do not agree with any part of this Policy, please do not access or continue to 使用 any of our 服务 or otherwise submit your Personal Information.
2. Personal Information We May Collect or Receive这取决于你和威尼斯彩票官方互动的环境, 威尼斯彩票官方可能会收集或收到以下类型的信息, 包括 Personal Information, 来自及关于您:
- When you submit requests or post materials or inquiries on our Website (包括 when registering for content such whitepapers and requesting additional information, 服务, 或威尼斯彩票官方的支持), 威尼斯彩票官方可以收集你的名字, title, 公司名称, address, 电话号码, 和电子邮件地址, and certain company information.
- When you correspond with us via email, 威尼斯彩票官方可能会收集您电子邮件中包含的个人信息.
- We may obtain Personal Information from third party business 合作伙伴s such as the contact details of prospects and sale leads from our resellers.
- Any Personal Information you submit in a bulletin board or chat room on our Website.
- Any Personal Information you submit there will be posted online and 可以 be read, 收集, 或被这些论坛的其他网站访问者使用. We are not responsible for third party 使用 of the Personal information you choose to submit in these forums. 威尼斯彩票官方也保留权利，在威尼斯彩票官方的独立裁量权，删除您可能在威尼斯彩票官方的网站上发布的任何内容.
- Like many websites, we 使用 “饼干” to collect visitor information. 饼干 are alphanumeric identifiers that we 转移 to your computer’s hard drive through your Web browser. If you have provided your name or other contact information to us via a web form, 威尼斯彩票官方可以将这些信息与cookie联系起来. Using 饼干 makes it possible for us to recognize your browser when you visit and to tell us whether customers and visitors have visited the Website previously. This information may also be 使用d to provide you with information that we believe to be relevant to you based on your actions on our Website.
- When Customers register to 使用软件服务 (and related 服务, such as training and customer support), we require them to provide us with contact information (such as name, 公司名称, 电话号码, 和电子邮件地址). 他们可以自愿决定传达额外的个人信息(如头衔), 部门名称, 传真号码, and additional company information, 如邮寄地址, 年收入, 员工人数, 或行业). We will 使用 the email address provided during the registration process to generate a 使用rname and temporary password for Customers. 用户将被邀请登录以更改密码.
- 威尼斯彩票官方收集有关客户使用软件服务的信息，包括在日志文件(e.g;, when a 使用r logs, its 使用 of the system).
- 与客户的同意, we may post Customers’ testimonials, 其中可能包括个人信息，如姓名, 有关其使用软件服务的信息.
- Customers contact details to send them information about our products or 服务. Personal Information of Vendors’ and 合作伙伴’ Employees as provided by Vendors or Partner for purposes of the vendor’s 服务 or in furtherance of the relevant 合作伙伴 relationship.
3. How We May Use Personal InformationWe may 使用 the information that we collect about you or that you provide to us, 包括 any Personal Information, 通过以下方式:
- We 使用 data we collect to provide the Website and Software Services that we offer. 这包括操作, 维护, 并向您提供本网站和软件服务的所有内容和功能.
- To inform you about Apptio and our products, 服务和合作伙伴, 包括 to send you marketing promotions.
- To protect the security of our 服务, 员工和用户, 发现和防止欺诈, 解决争端.
- To send administrative information to you, 例如, 关于服务和威尼斯彩票官方条款的变更的信息, 条件, 以及威尼斯彩票官方网站和软件服务的政策.
- To understand usage patterns on the Website and Software Services.
- To set up the Software Services for individuals and their organizations.
4. How We May Share Personal Information威尼斯彩票官方可能会以以下方式披露您的个人信息:
- To our affiliates or subsidiaries as necessary to provide our products and 服务.
- 向支持威尼斯彩票官方业务的服务提供者致敬. We do not authorize these service providers to 使用 or disclose your Personal Information except as necessary to perform certain 服务 on our behalf or comply with legal requirements. We require these service providers to safeguard the 隐私 and security of personal information they process on our behalf.
- 一个收购者, 的继任者, or assignee as part of any merger, 收购, 债务融资, 出售资产, 或类似的事务, or in the event of an insolvency, 破产, or receivership in which information is 转移red to one or more third parties as one of our business assets.
- We may disclose your Personal Information if 要求 to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, 对法院命令的回应, judicial or other 政府ernment subpoena or warrant, or to otherwise cooperate with law enforcement or other 政府ernmental agencies.
- 威尼斯彩票官方可能会将您的个人信息透露给威尼斯彩票官方的私人股本赞助商，Vista股权合作伙伴. See further details 下面 in section 10.
- Marketing communications from Apptio. If you do not wish to receive e-mail marketing communication from us, you 可以 opt-out by sending an email to firstname.lastname@example.org. 你 可以 also unsubscribe from e-mail marketing communications by following the instructions contained in the marketing messages you receive. Even if you opt-out or unsubscribe, 威尼斯彩票官方可以向您发送与本服务有关的某些通信, such as administrative messages that are considered part of your account membership. 你 可以not opt-out of receiving those messages. Where 要求 under applicable law, we will only send you marketing communications with your consent
- Right of access, deletion, correction of your Personal Information. 以适用法律为准, you may have the rights to request access to and receive information about the Personal Information we 维护 about you, 更新和更正您个人信息中的不准确之处, and have the information blocked or deleted, 适当的. 这些权利在某些情况下可能受到当地法律的限制. 如欲行使这些权利，请按以下联络方式一节中所述与威尼斯彩票官方联络.
- Customers account information. 登录本网站，您可以随时更新、编辑或删除您的帐户信息.
- If you are a California Resident, see 你r California 隐私 Rights 下面 at 第七节.
- If you are in 欧盟, see the GDPR 下面 at 第六节
饼干如果您不希望威尼斯彩票官方在网站上收集cookie, you may set your browser to ref使用 饼干, or to alert you when 饼干 are being sent. 你 可以 选择不收集和使用某些信息, which we collect about you by automated means, 包括饼干, 当您访问威尼斯彩票官方的网站时 or update your browser settings. 你的浏览器可能会告诉你如何收到通知，并选择不接收某些类型的cookie. 如果你这样做了, 请注意，威尼斯彩票官方的网站的某些部分可能无法使用或无法正常运行. 必须启用cookie 为了 使用软件服务.
6. GDPRThe EU General Data Protection Regulation (“GDPR”) went into effect on: May 25, 并迎来了最全面的数据保护措施, 隐私 and data 转移 regulations to date. 如果公司使用第三方数据处理器来收集数据, 传输, host or analyze personal data of EU citizens, the GDPR requires the company 使用 processors who guarantee their ability to implement the technical and organizational requirements of the GDPR. Apptio品牌产品, and the processing of customer data within the Apptio branded products, 是否符合GDPR. 为了正式实现这一承诺，威尼斯彩票官方添加了Apptio EU General Data Protection Regulation Provisions to our contractual commitments to our customers. 除其他外，这些术语使Apptio有义务:
- Process personal data based on customer instructions or applicable laws
- Ensure that personnel accessing personal data are subject to confidentiality duties
- Apply technical and administrative measures to protect personal data
- Delete personal data at the conclusion of the contracted 服务 except where retention is 要求 or permitted by law
- Obtain customer consent when engaging a subprocessor to process personal data in connection with the Apptio branded products. 如果您是当前的客户，您将被邀请审查 list of subprocessors available 并通过页面上描述的机制获取更新.
7. 你r California 隐私 RightsThis section provides additional details about the personal information we may collect about California consumers and the rights afforded to them under the California Consumer 隐私 Act or “CCPA”. 有关威尼斯彩票官方在过去12个月收集的个人信息的详细信息, 包括 the categories of sources, please see the Personal Information We May Collect or Receive (Section 2) above. 威尼斯彩票官方收集这些信息是出于本隐私政策中所描述的业务和商业目的. We share this information with the categories of third parties described in the How We May Share Personal Information (Section 4) above. Apptio does not sell (as the term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). 请注意，威尼斯彩票官方可能会使用第三方饼干作为威尼斯彩票官方的广告目的，详见 15节 下面. Subject to certain limitations, CCPA为加州消费者提供了多项权利, 具体地说:
- the right to request to know more details about the categories or specific pieces of personal information we collect (包括 how we 使用 and disclose this information);
- to delete their personal information;
- to opt out of any “sales” that may be occurring; and
8. 数据安全We take reasonable steps given the context of the engagement in which data is provided to protect your Personal Information from loss, 滥用, 干扰, 未经授权的访问, 信息披露, 变更, 和破坏. 然而, the security of information 传输ted through the Internet 可以 never be guaranteed and is not entirely within our control. 在什么情况下，您收到访问威尼斯彩票官方网站或软件服务的某些部分的密码, 您有责任对密码保密. 威尼斯彩票官方要求您不要与任何人分享您的密码.
9. 跨境数据传输We may 转移 your Personal Information to countries other than the country in which the data was originally 收集. Those countries may not have the same data protection laws as the country in which you initially provided that information. 当威尼斯彩票官方将您的个人信息转移到其他国家时, 威尼斯彩票官方将按照本隐私政策的规定对其进行保护. 提供威尼斯彩票官方的服务, 威尼斯彩票官方可能需要在威尼斯彩票官方有员工的几个国家之间转移您的个人信息, facilities or service providers, 包括美国在内, 威尼斯彩票官方的总部在哪里. By using the Software Services or otherwise providing Personal Information to us, 您同意将个人信息转移到您居住国以外的国家, 包括你.S. If you are located in the EEA, we comply with applicable legal requirements providing adequate protection for the 转移 of Personal Information to countries outside of the EEA. Apptio公司. 已经证明给EU-U了吗.S. 隐私 Shield Framework as set forth by the Department of Commerce and the 欧洲an Commission regarding the collection, 存储, 使用, 转移, and other processing of Personal Information 转移red from the EEA to the U.S. 有关隐私盾的更多信息，请参阅 http://www.隐私shield.政府. 来看看威尼斯彩票官方的 隐私 Shield 隐私政策, please click here.
10. Apptio’s Private Equity SponsorWe may disclose your personal information to our private equity sponsor, Vista股权合作伙伴, 和它的子公司, 包括 Vista Consulting Group (集体, “Vista”), 管理, 研究, 数据库开发和业务操作的目的, in line with the terms of this 隐私政策. Vista processes your personal information on the basis of its legitimate interests in overseeing the recruitment process and, 如果适用的话, your employment relationship with Apptio. If you have consented to us doing so, we also share your personal information with other Vista portfolio companies for the purpose of being considered for other job opportunities in the pooling system, both inside and outside the EEA. 请在以下网址找到所有Vista投资组合公司的完整名单: http://www.vistaequityPartnerss.com/companies/. 如果这要求威尼斯彩票官方将您的个人信息转移到欧洲经济区以外，请参阅 9节 of the 隐私政策 for further details on cross-border 转移s. In connection with the recruitment process, 威尼斯彩票官方会将您的个人数据转移到欧洲经济区以外的Hirebridge, 有限责任公司和标准公司., which provide appli可以t tracking 服务. Hirebridge, 有限责任公司和标准公司. 两者都符合欧盟和欧盟的规定.S. 隐私 Shield Framework and ensure that your personal information is adequately protected whilst outside of the EEA.”
11. 其他网站的连结Our website may contain links to websites of third parties who: (1) are not affiliated with us; (2) are outside our control; or (3) are not covered by this Policy (“Third-Party Websites”). 本网站提供给第三方网站的链接仅为方便您而提供. The inclusion of any link does not imply its reliability or an endorsement by us of the content or security. We are not responsible for the 隐私 practices of Third-Party Websites, 哪些公司可能以与威尼斯彩票官方不同的方式收集和使用您的信息. Accordingly, the 使用 of such Third-Party Websites is entirely at your own risk. 的相关信息, 在使用任何第三方网站的隐私声明或政策之前，您应先阅读这些声明或政策. Other parties may collect information about your online activities over time and across different websites when you 使用 our Site or Services.
12. 更改威尼斯彩票官方的政策威尼斯彩票官方保留在任何时候修改本政策的权利, so please review it frequently to see when the Policy was last revised. Any changes to this Policy will become effective when we post the revised Policy on our Website or via the Software Services. 您继续使用本网站或软件服务将被视为您接受此类更改, to the extent permitted under applicable law.
13. 孩子们本网站并非旨在收集13岁以下儿童的个人信息. 威尼斯彩票官方无意或有意收集此类信息.
14. 不要跟踪披露信息don ' t Track (" DNT ")是用户可以在浏览器中设置的隐私选项吗. 当用户打开DNT时, the browser sends a message to website operators requesting them not to track the 使用r’s website activities. At this time, we do not respond to DNT signals. We do not change our practices, described elsewhere in this Policy, in response to DNT settings or signals. 特别是, even if you have turned on a DNT signal, we and others will continue to collect information about you and your website activities through the 使用 of 饼干, 跟踪像素, 和其他工具. For more information about DNT, visit www.allaboutdnt.org.
15. cookie和Web beaconThis section applies to the Apptio Website and describes the information we collect by automated means using information-gathering tools, such as 饼干 and web beacons. 饼干 are small pieces of information or text that are issued to your computer when you visit a website and are 使用d to store or track information about your 使用 of the site. Apptio 使用s 饼干 for several reasons. Some 饼干 are strictly necessary to enable core site functionality. 威尼斯彩票官方称之为"要求“饼干. 例如, we may 使用 要求 饼干 to authenticate your access to various secure areas of our Website that may contain content for registered 使用rs. 其他饼干允许威尼斯彩票官方提高您的浏览体验, tailor content to your preferences, 并使您与威尼斯彩票官方网站的互动更有意义. 威尼斯彩票官方称之为"performance“饼干. 例如, 性能 饼干 may be 使用d to determine whether you have visited our Website before and inform us about site features in which you have interest, 从而允许威尼斯彩票官方更好地为威尼斯彩票官方的用户定制网站. 除了必需的和 性能 饼干, some third parties issue 饼干 through our Website to serve ads that are relevant to your interests based on your browsing activities. 目标cookie还允许威尼斯彩票官方分析网站流量，以便威尼斯彩票官方可以衡量和改进性能. These third parties may also collect your browser history or other information to determine how you reached our Website and the pages you visit when you leave our Website. Information gathered through these automated means may be associated with the personal information you previously 提交至本署网页. “社交媒体” 饼干 are set by a range of social media 服务 that we have added to the site to enable you to share our content with your friends and networks. 他们 能够跟踪 your browser across other sites and building up a profile of your interests.
网络信标Web beacons (also known as internet tags, 像素标记, and clear GIFs) are clear electronic images that 可以 recognize certain types of information on your computer, 例如用于查看网站页面的浏览器类型, 当您查看链接到网络信标的特定网站时, 以及与网络信标绑定的网站描述. 威尼斯彩票官方网站上的某些页面可能包含此类网络信标, Apptio使用哪些工具来运营和改进网站.
如何控制cookie?Apptio遵守控制用户cookie的隐私法律 throughout the world, 包括 欧盟. Those 使用rs 可以 modify their cookie settings when they first visit our website, or by accessing their cookie settings. 对于所有其他用户，by使用本网站, you agree that we 可以 place 饼干 on your computer or device as explained above. 然而, you 可以 stop 饼干 being downloaded to your computer by selecting the appropriate settings on your browser. Most browsers will allow you to see what 饼干 you have and delete them on an individual basis or block 饼干 from particular or all websites. Be aware that any preference you have set will be lost if you delete all 饼干, 包括 your preference to opt-out from 饼干 as this itself requires an opt-out cookie to have been set. 有关如何修改浏览器设置以阻止或过滤饼干的详细信息，请参见 http://www.aboutCookies.org/ or http://www.cookiecentral.com/faq/. Please bear in mind that removing or blocking 饼干 可以 affect your 使用r experience and without 饼干, you may not be able to take full advantage of our Website features. We may modify or amend this Cookie information from time to time at our discretion. When we make changes to this notice, 威尼斯彩票官方将修改页面顶部的修订日期, and such modified or amended information shall be effective as to you and your information as of that revision date. We encourage you to periodically review this Cookie sction to be informed about how we are using 饼干.
16. 如何联络威尼斯彩票官方If you have questions about this Policy, the Website or the Software Services, would like to opt out from certain service, 或者行使你的权利, 威尼斯彩票官方:
- 通过电子邮件在 隐私@goyinyang.com; or
- 通过Apptio公司 .的邮件., 11100 NE 8th Street, #600, Bellevue, WA 98004
Apptio’s Information Security team, 法律部门, and Internal Compliance/Audit department all work together to ensure that industry best security practices are met. Apptio’s Software-as-a-Service (SaaS) environment follows stringent guidelines to protect the confidentiality, 完整性, 隐私, and availability of your data.
Compliance and Certifications
We also work with independent auditors and penetration testers to validate that Apptio has the appropriate security controls in place to protect customer data entrusted to us.
SOC2 II型 Report and SOC3 Report
System and Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Apptio achieves key Compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Apptio controls established to support operations and Compliance. Apptio cloud 服务 have been successfully audited in accordance with the 信任 Services Criteria for design and operational security. To learn more about the AICPA and the SOC standards, see the following link: http://www.aicpa.org/soc4so
Apptio通过ISO27001:2013认证，并符合所有相关的建立要求, 实现, 维持及持续改善资讯保安管理系统(ISMS). This alignment ensures that Apptio cloud 服务 have the requisite and appropriate security controls and management program in place as defined in the ISO/IEC 27001 standard.
Apptio is one of a select group of SaaS providers who have received FedRamp certification under the Joint 授权 Board (JAB) 授权 to Operate (ATO). Apptio’s FedRAMP environment provides a continental United States (CONUS)-based and dedicated infrastructure (facilities, 服务器, 数据库, networking devices) for Federal Government agencies subscribing to our SaaS 技术 Business Management (TBM) solutions.
Apptio是唯一一家进行了IRAP评估并达到保护级别的TBM SaaS提供商. Apptio’s IRAP environment provides an Australian based service for Government agencies subscribing to our SaaS 技术 Business Management (TBM) solutions.
Our Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) response details how Apptio cloud 服务 fulfill the security, 隐私, Compliance, and risk management requirements defined in the CSA CCM version 3.0.1.
General Data Protect Requirements (EUGDPR)
Apptio符合EU GDPR的Compliance要求. Four years after the overhaul of 欧洲an data protection laws began, the final text of the new General Data Protection Regulation (EU GDPR) was approved in Spring 2016 and the new rules came into effect on May 2018. The rights of EU citizens to control their personal details is respected by Apptio.
California Consumer 隐私 Act (CCPA)
The California Consumer 隐私 Act (CCPA), 2018年颁布, 创建与访问有关的新的消费者权利, 删除, and sharing of personal information that is 收集 by businesses. Apptio遵守加州消费者隐私法案. Apptio provides additional rights to California Consumers which are fully set out in our 隐私 policy and in the agreements we put in place with our Vendors and our Customers. Apptio尊重加州消费者控制其个人信息的权利.
Apptio complies with 欧盟-U.S. 隐私 Shield Framework as set forth and certified to the US Department of Commerce regarding the collection, 使用, 以及保留从欧盟转移到美国的个人信息.